Likelihood to Recommend Auditboard is especially useful for SOX control testing. It is very convenient having all our information on a single platform. It is easy to communicate PBC requests to clients, store control testing working papers for review, communicate deficiencies and build dashboards to provide visual statistics. Situations where it might not be useful are for organizations that are smaller in size where the templates don't fit well with their internal audit/controls program. There is a significant amount of testing required before using the platform, and adapting working papers to fit in well with AuditBoard
Read full review Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Read full review Pros AuditBoard allows real-time collaboration between control and business owners and auditors. AuditBoard has a lot of fantastic training sessions and office hours to help users make the most of the product. AuditBoard has great customer service personnel to answer questions and troubleshoot any issues. Read full review Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this. Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these. Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one Read full review Cons We used to perform our Risk Control Analysis (RCA) for each audit's planning in an Excel spreadsheet. Once we purchased the Risk Oversight module, AuditBoard helped us convert the RCA to a system function rather than a spreadsheet. At first, we lost some of the functionality the spreadsheet provided, but AuditBoard did continue to help us build and work towards a solution more similar to what we previously had. Though happy with it, it's still not perfect. As one example, I'd like to be able to link actual Ops Audit work steps that cover the risk and controls being outlined in the RCA, rather than just adding a comment to state which steps cover them. More of a preference, I suppose. I also had demoed their beta Resources and Scheduling module, but it didn't have enough functionality at the time to work for how we put the quarterly Internal Audit schedule together (using Excel). One thing I recall was that you couldn't pull in SOX controls or non-chargeable work (such as education or administration) to auditor's schedules; it was meant to schedule the Ops Audits only. It is possible they have already fixed or improved this; I just haven't seen the updated version. Read full review Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes. Easier way to implement workflow. Offering better metrics without buying add-on tools. Read full review Usability I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.
Read full review Support Rating It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
Read full review Alternatives Considered I remember there were a lot of sync issues when I used the internally developed software, but that's probably because a few people were working on the same project at the same time. I have not come across this issue in AuditBoard
Read full review We just recently started using
TrustArc for data privacy requests and I can already speak to the fact that
TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.
Read full review Return on Investment Hard to quantify. It was cheaper than the tool we had and we were able to get rid of standalone tool for surveys. overall, just better user experience for all. Read full review Effective Enterprise Risk Management Holistic Real-time Monitoring of your technology and Risk Negative - Asset Management has some issues and Ghost / Shadow IT is big issue Read full review ScreenShots